Trellix Endpoint Security (HX)

Trellix Endpoint Security (HX) (formerly FireEye Endpoint Security (HX)) can be deployed as an on-premise hardware appliance, a virtual appliance, or through a cloud instance. Trellix Endpoint Security (HX) monitors each endpoint device or host, collecting real-time data of events, identifying threat activity collecting forensic data, and quarantining endpoints if necesary.

Configuring the Connector for Trellix Endpoint Security (HX) #

To configure Lucidum to ingest data from Trellix Endpoint Security (HX):

  1. Log in to Lucidum.

  2. In the left pane, click Connector.

  3. In the Connector page, click Add Connector.

  4. Scroll until you find the Connector you want to configure. Click Connect. The Settings page appears.

  5. In the Settings page, enter the following:

    • Host (required) – The hostname or IP Address of the Trellix Endpoint Security (HX)ecurity management server.

    • Port (optional) – Default is 3000.

    • User Name and Password (required) – A valid user account on Trellix Endpoint Security (HX)ecurity associated with the api_admin or api_analyst role.

    • Verify SSL. For future use.

  6. To test the configuration, click Test.

    • If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.

    • If the connector is not configured correctly, Lucidum displays an error message.